community.general.nmap inventory – Uses nmap to find hosts to target
Note
This inventory plugin is part of the community.general collection (version 7.5.2).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this inventory plugin,
see Requirements for details.
To use it in a playbook, specify: community.general.nmap
.
Synopsis
Uses a YAML configuration file with a valid YAML extension.
Requirements
The below requirements are needed on the local controller node that executes this inventory.
nmap CLI installed
Parameters
Parameter |
Comments |
---|---|
Network IP or range of IPs to scan, you can use a simple range (10.2.2.15-25) or CIDR notation. Configuration:
|
|
Toggle to enable/disable the caching of the inventory’s source data, requires a cache plugin setup to work. Choices:
Configuration:
|
|
Cache connection data or path, read cache plugin documentation for specifics. Configuration:
|
|
Cache plugin to use for the inventory’s source data. Default: Configuration:
|
|
Prefix to use for cache plugin files/tables Default: Configuration:
|
|
Cache duration in seconds Default: Configuration:
|
|
Create vars from jinja2 expressions. Default: |
|
Whether to always ( Choices:
|
|
List of addresses to exclude. For example Configuration:
|
|
Add hosts to group based on Jinja2 conditionals. Default: |
|
Scan via ICMP Timestamp ( Depending on your system you might need Choices:
|
|
use IPv4 type addresses Choices:
|
|
use IPv6 type addresses Choices:
|
|
Add hosts to group based on the values of a variable. Default: |
|
The default value when the host variable’s value is an empty string. This option is mutually exclusive with |
|
The key from input dictionary used to generate groups |
|
parent group for keyed group |
|
A keyed group name will start with this prefix Default: |
|
separator used to build the keyed group name Default: |
|
Set this option to False to omit the This option is mutually exclusive with Choices:
|
|
Use in conjunction with keyed_groups. By default, a keyed group that does not have a prefix or a separator provided will have a name that starts with an underscore. This is because the default prefix is “” and the default separator is “_”. Set this option to False to omit the leading underscore (or other separator) if no prefix is given. If the group name is derived from a mapping the separator is still used to concatenate the items. To not use a separator in the group name at all, set the separator for the keyed group to an empty string instead. Choices:
|
|
Only scan for open (or possibly open) ports. Choices:
|
|
token that ensures this is a source file for the ‘nmap’ plugin. Choices:
|
|
Only scan specific port or port range ( For example, you could pass |
|
Enable/disable scanning ports. Choices:
|
|
If Since it is possible to use facts in the expressions they might not always be available and we ignore those errors by default. Choices:
|
|
Set to Choices:
|
|
Scan via UDP. Depending on your system you might need Choices:
|
|
Whether to always ( Choices:
|
|
Merge extra vars into the available variables for composition (highest precedence). Choices:
Configuration:
|
Notes
Note
At least one of ipv4 or ipv6 is required to be True, both can be True, but they cannot both be False.
TODO: add OS fingerprinting
Examples
# inventory.config file in YAML format
plugin: community.general.nmap
strict: false
address: 192.168.0.0/24
# a sudo nmap scan to fully use nmap scan power.
plugin: community.general.nmap
sudo: true
strict: false
address: 192.168.0.0/24
# an nmap scan specifying ports and classifying results to an inventory group
plugin: community.general.nmap
address: 192.168.0.0/24
exclude: 192.168.0.1, web.example.com
port: 22, 443
groups:
web_servers: "ports | selectattr('port', 'equalto', '443')"